Search results
Tell me about Business risk. We'll show a business risk rating for asset groups in your scan reports. You'll need to create a scan report that: 1) is template based (go to Reports > New > Scan Report > Template Based), 2) has asset groups selected for the report target, 3) scan results selection is set to Status or Status and Trend, and 4) detailed results are sorted by asset group.
- High Severity Report
The template for this report is provided by Qualys and you...
- Patch Reports
This report format provides a feature-rich user interface...
- Scorecard Reports
These tags refer to the text fields on the Business Info tab...
- Technical Report
The Technical Report uses the scan report template, provided...
- Executive Report
This depends on whether you've selected this in your...
- Vulnerability Status Levels
Vulnerability Status Levels. You'll see the vulnerability...
- Authentication Report
This means that the scanning engine authenticated to 66% of...
- PCI Reports
First create a PCI report template. Go to Reports >...
- High Severity Report
Dec 7, 2018 · Reporting routine should coincide with scanning routine - if you scan weekly, report weekly. . Maintain a consistent reporting structure over time for improved trending results. . Reports always collect the most recent scan results; therefore, purging outdated (obsolete) host scan results data is critical.
- Recommendations
- What You Can Report on
- How Often You Should Create Reports
- Report Email Notifications
- Scan Settings and Their Impact
- Tell Me About The Various Reports
- Which IPS Can I Report on?
- What Are Asset Groups?
- What Are Asset tags?
- Including The Latest Compliance Data
We recommend you start small, maybe scan and report on one or two IPs. Review the reports, fix the vulnerabilities found, re-scan the IPs to verify your fixes, and rerun your reports. Once you have this process down you'll feel more comfortable scanning larger sets of IPs.
The simple answer to what to report on is this: any IP in your account that has been scanned for compliance. IPs may include any devices on your network: routers, switches, hubs, firewalls, servers (all common operating systems), workstations, databases, desktop computers, printers, and wireless access devices.
We recommend you schedule your scans to run automatically (daily, weekly, monthly) and create reports with at least the same frequency. That way you'll always have the current compliance status for your hosts. You can even set up report schedules so your reports are launched automatically (daily, weekly, monthly).
You can choose to be notified via email each time a report completes. The email gives you a summary of the results and a secure link to the report. Select User Profile below your user name, go to the Options section and select Report Notification. You'll notice additional email notifications you can opt in to.
The scan settings you choose at scan time impact how we conduct scans. Once scan results are processed we save the compliance data per host - this makes it possible for us to include the latest compliance data in your reports. Keep in mind your reports will include the most recent compliance data stored for each host. Tip: We recommend you use cons...
Check out: Policy Report | Policy Summary | Compliance Scorecard Report | Individual Host Report | Control Pass/Fail Report | Authentication Report | Mandate Based Report
Go to Assets > Host Assets to see the IPs you can scan and report on. If the IPs you want to report on are not listed then add them (or have your manager add them and assign them to you) and then scan them. One way you can tell if an IP address has been scanned is to do an asset search. Go to Assets > Asset Search, enter the IP and click Search. Yo...
Asset groups are user-defined groupings of host assets (IP addresses). You can group hosts by importance, priority, location, ownership, or any other method that makes sense for your organization. When you report on an asset group, only the hosts in the group are included. This allows you to limit the scope of your reports to a particular group of ...
Asset tagging is another method for organizing and tracking the assets in your account. You can assign tags to your host assets. Then when launching scans and reports you can select tags associated with the hosts. This dynamic approach is a great way to ensure you include all hosts that match certain criteria, even if your network is constantly cha...
Your scan(s) must be complete. You'll know this when the scan status shows "Finished" on the scans list. Scan results must be ready. We'll merge (process) your scan results into your account after the scans finish. Watch for the solid green circle next to your scans in the scans list to know whether the scan results are processed. Then you're ready...
The exercise steps in this lab will use the Asset Groups and Option Profile you imported in the previous step. The steps are designed to collect assessment data, using the Qualys External Scanner Pool. Navigate to the following URL to view the lab tutorial for this topic: Lab: Add Host Assets and Launch a Scan Job.
Qualys Cloud Agent scan executes every four hours; hence, it is possible that the same QID is detected multiple times in a day. For example, If the first vulnerability detection time is 2:00 AM IST and the last vulnerability detection time is 6:00 PM IST, then the agent scan is executed approximately six times in a day.
Your scan report must: 1) be template based (Executive Report, High Severity Report, Technical Report, or another report based on a scan report template), and 2) select host based findings (instead of scan based findings). The score for the overall report is the average security risk for all hosts in the report (all hosts matching filters).
People also ask
Should a scan report be weekly or weekly?
How can Qualys impact the success rate of report generation?
Which reports show remediation information set by Qualys?
Does Qualys provide APIs for large data exports?
Is Qualys UI reporting suitable for large scale data exports?
Should you use a host-based or a scan-based report?
By default severity levels 1 to 5 (Lowest to Critical) are displayed. You have the option to choose Low, Medium and High. Define a customized footer and it is displayed in the WAS report:Web application report and scan report (HTML and PDF formats). Use the report template when you generate the report and the custom footer is displayed in the ...
